From: Ingo
Date: Sat, 22 Jan 2005 02:07:29 +0100 (CET)
To: Brooks Davis
Cc: "freebsd-net@freebsd.org"
Subject: Re: [PATCH] 802.1p priority (fixed)
In-Reply-To: <20050121230726.GB18608@odin.ac.hmc.edu>
Message-ID: <20050122020040.J93890-100000@ix.reflection.at>

Hi

> > In an ISP backbone I trust 802.1Q packets because no customer has access
> > to tagged vlan connections.
> > Trusting the TOS bit in such a network is no good idea because every
> > customer could send IP traffic. And overwriting the TOS bit at all network
> > edges could be a pain to not miss some edges.
> > 802.1Q is some kind of "out of band" QOS for IP.
> >
> > L2 Ethernet switches could also handle 802.1Q but not the TOS bits in the
> > IP header.
>
> I'm not sure what your point is. It's certainly the case that they are
> only useful if you trust all hosts on the ethernet.

Untagged ethernet could be untrusted because 802.1Q is only possible on
tagged ethernet. The priority tag is an extension to the 802.1P vlan header.

In an ISP environment there are most of the time routing hops in between,
which effectively kill the 802.1Q field. Only easy-to-select IP interfaces on
more intelligent hardware (L3 switches, ...) could pass the data over routing
hops, which are much easier to control than IP routing modems, which could
easily be hijacked by customers. Also, not many modems support changing the
TOS field.

In short words:
802.1Q is easy to control and easy to secure.
TOS, DSCP, ... is easy to control but hard to secure.

bye,
Ingo
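
The trust model argued in the message above, as an added example that is not part of the original mail or of the patch under discussion: a parser that pulls the 802.1Q priority (PCP) and the IPv4 DSCP out of a frame, and a policy that honours only the PCP and only on a port the operator controls. The names parse_qos, effective_priority and trusted_tagged_port, the policy itself and both sample frames are assumptions made up for illustration; only a single 802.1Q tag is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct qos { int tagged, pcp, vid, dscp; };   /* -1 means "field not present" */

/* Constructed sample frames: dst MAC, src MAC, [802.1Q tag], EtherType, 2 IPv4 bytes. */
const uint8_t TRUNK_FRAME[] = { 2,0,0,0,0,1, 2,0,0,0,0,2,
    0x81,0x00, 0xA0,0x64,        /* TPID 0x8100, TCI: PCP 5, VID 100 */
    0x08,0x00, 0x45,0xB8 };      /* IPv4, TOS 0xB8 (DSCP 46) */
const uint8_t CUSTOMER_FRAME[] = { 2,0,0,0,0,1, 2,0,0,0,0,3,
    0x08,0x00, 0x45,0xB8 };      /* untagged, sender set DSCP 46 itself */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Extract 802.1Q and IPv4 QoS markings; returns -1 on a truncated frame. */
int parse_qos(const uint8_t *f, size_t len, struct qos *q)
{
    size_t off = 12;                          /* skip both MAC addresses */
    q->tagged = 0; q->pcp = q->vid = q->dscp = -1;
    if (len < off + 2) return -1;
    uint16_t type = rd16(f + off);
    if (type == 0x8100) {                     /* 802.1Q tag present */
        if (len < off + 6) return -1;         /* need TCI and inner EtherType */
        uint16_t tci = rd16(f + off + 2);
        q->tagged = 1;
        q->pcp = tci >> 13;                   /* top 3 bits: 802.1p priority */
        q->vid = tci & 0x0fff;                /* low 12 bits: VLAN ID */
        off += 4;
        type = rd16(f + off);
    }
    off += 2;
    if (type == 0x0800) {                     /* IPv4 */
        if (len < off + 2) return -1;
        q->dscp = f[off + 1] >> 2;            /* upper 6 bits of the TOS byte */
    }
    return 0;
}

/* Assumed policy: honour PCP only on operator-controlled tagged ports; never DSCP. */
int effective_priority(const uint8_t *f, size_t len, int trusted_tagged_port)
{
    struct qos q;
    if (parse_qos(f, len, &q) != 0) return 0; /* malformed: best effort */
    return (trusted_tagged_port && q.tagged) ? q.pcp : 0;
}

int main(void)
{
    printf("trunk=%d\n", effective_priority(TRUNK_FRAME, sizeof TRUNK_FRAME, 1));
    printf("customer=%d\n", effective_priority(CUSTOMER_FRAME, sizeof CUSTOMER_FRAME, 0));
    return 0;
}
```

Both sample frames carry the same DSCP value, but only the tagged frame arriving on the trusted port ends up with a non-zero priority.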